diff options
author | Jack Lloyd <[email protected]> | 2018-06-17 15:14:54 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-06-17 15:14:54 -0400 |
commit | 90fd2927c301805aa9ca6c18ed69a8ed6f099d89 (patch) | |
tree | b8023ff825e812971d061d9fd9c001f5736f124f | |
parent | a463838817a8033a6e6bef47bf7c5aac3312468d (diff) |
Add some todo comments wrt side channels in ECC scalar mult
-rw-r--r-- | src/lib/pubkey/ec_group/point_mul.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp index c6014f81d..0a8f76d58 100644 --- a/src/lib/pubkey/ec_group/point_mul.cpp +++ b/src/lib/pubkey/ec_group/point_mul.cpp @@ -123,6 +123,9 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k, const uint32_t w = scalar.get_substring(2*i, 2); + // side channel here, we are relying on scalar blinding + // TODO use masked lookup + if(w > 0) { const size_t idx = (3*i + w - 1)*2*m_p_words; @@ -214,6 +217,7 @@ PointGFp PointGFp_Var_Point_Precompute::mul(const BigInt& k, { windows--; const uint32_t nibble = scalar.get_substring(windows*m_window_bits, m_window_bits); + // cache side channel here, we are relying on blinding... R.add(m_U[nibble], ws); /* @@ -300,6 +304,7 @@ PointGFp PointGFp_Multi_Point_Precompute::multi_exp(const BigInt& z1, const uint8_t z12 = (4*z2_b) + z1_b; + // This function is not intended to be const time if(z12) { H.add_affine(m_M[z12-1], ws); |